61 lines
1.7 KiB
Plaintext
Executable File
61 lines
1.7 KiB
Plaintext
Executable File
0.09:
|
|
* version 1.1 of the protocol, with 1.0 as a "compat" option
|
|
(where both 1.0 and 1.1 response keys are sent) compat is either
|
|
on, off, or unspecified, in which case it's on by default for
|
|
one month
|
|
|
|
0.08:
|
|
* security fix, as pointed out by meepbear: check_authentication
|
|
shouldn't honor signature verification requests using
|
|
assoc_handles that were given out in associate requests. that
|
|
means that we must be able to distinguish (internally) handles
|
|
that were given out to "dumb" consumbers (stateless) vs. ones we
|
|
gave out in associate requests.
|
|
|
|
for more information, see:
|
|
http://lists.danga.com/pipermail/yadis/2005-July/001144.html
|
|
0.07:
|
|
* openid.mode=cancel support
|
|
|
|
* invalidate_handle support
|
|
|
|
* fix a call to error_page that should've been _error_page
|
|
|
|
* _secret_of_handle now only takes an assoc_handle, not
|
|
also an assoc_type, as an assoc_handle should always
|
|
self-imply its type
|
|
|
|
0.06:
|
|
* make rand_chars public
|
|
|
|
* remove old DSA-based code
|
|
|
|
* test suite for new DH/HMAC-based code
|
|
|
|
0.05:
|
|
* start implementing the new DH + HMAC-SHA1 spec, instead
|
|
of being DSA-based. The DSA code is still working for now,
|
|
and it'll do either protocol, but it'll be removed in time.
|
|
|
|
0.04:
|
|
* add "signed_return" method and docs
|
|
|
|
* require Convert::PEM 0.07, which was always required,
|
|
but I forgot its version number before
|
|
|
|
* add "redirect_for_setup" option on handle_page and docs
|
|
|
|
0.03:
|
|
* stupid push_url_arg bugfix
|
|
|
|
* more tests
|
|
|
|
0.02:
|
|
* checkid_immediate vs checkid_setup mode (handle_page can return
|
|
$type of "setup")
|
|
|
|
0.01:
|
|
* initial release. test suite works. no example app yet.
|
|
|
|
* requires Crypt::DSA or Crypt::OpenSSL::DSA
|